DeltaShaper: Enabling Unobservable Censorship-resistant TCP Tunneling over Videoconferencing Streams
Diogo Barradas Nuno Santos Luís Rodrigues
INESC-ID, Instituto Superior Técnico, Universidade de Lisboa
Censors monitor / control Internet access
(Figure: censored region / uncensored region)

Censors attempt to block covert channels
(Figure: censored region / uncensored region)
DeltaShaper
(Figure: censored region / uncensored region)
• Goals
  • Establish a covert TCP/IP channel
  • Maintain unobservability
  • Resist network perturbations

Multimedia protocol tunneling
System / Properties            Technique          Active/Passive       Arbitrary Data    Interactive
                                                  Attack Resistance    Transmission      Communication
FreeWave (Houmansadr et al.)   Audio modulation   -                    ✔                 ✔
Facet (Li et al.)              Video embedding    ✔                    -                 -
CovertCast (McPherson et al.)  Video modulation   ✔                    ✔                 -
DeltaShaper                    Video modulation   ✔                    ✔                 ✔

(Columns grouped as Security: active/passive attack resistance; Coverage: arbitrary data transmission, interactive communication.)
Threat model
• Assumptions:
  • Packets carrying multimedia data are encrypted
• Censor's capabilities:
  • Deep packet inspection
  • Observe, store and analyze traffic flows
  • Apply artificial constraints on the network
• Censor's limitations:
  • Unable to decipher the content of Skype packets
  • Not in collusion with the video-conferencing provider
  • Attempts to minimize collateral damage
A naïve approach to data modulation
• Replace chat video frames
  • Encode data in all available pixels
• Frame of 640 px × 480 px; 1 px = 24 b (R = 8 b, G = 8 b, B = 8 b)
• ~922 kB / frame (640 × 480 × 3 bytes = 921,600 bytes)
Drawbacks of naïve data modulation
• Data loss
  • Lossy compression (downsampling + quantization)
• Abnormal traffic patterns
  • Poor compression (spatial and inter-frame redundancy is gone)
(Same 640 px × 480 px frame, 1 px = 24 b, ~922 kB / frame)
C1: Can we distinguish regular from irregular Skype streams?
• Traffic signatures appear to be different
  • Packet-length frequency distribution
(Figure: packet-length distributions for a stream whose frames change extensively vs. a stream whose frames do not change)
C2: How much throughput can we achieve while preserving unobservability?
(Figure: censored region / uncensored region; good unobservability comes with low throughput, poor unobservability with high throughput)
C3: How to maintain unobservability in adverse network conditions?
(Figure: censored region / uncensored region; ideal conditions give good unobservability, perturbed conditions give poor unobservability)
Contributions
• DeltaShaper: a censorship-resistant system
  • Tunnels TCP/IP data over Skype video calls
• Distinguish regular / irregular Skype call streams
  • Packet-length frequency distribution / EMD
• Maximize throughput and maintain unobservability
  • Explore the space of encoding parameters
• Adapt to network conditions
  • Dynamic calibration of encoding parameters
How to characterize Skype streams?
• Characteristic function: create a stream signature
  • Frequency distribution of packet lengths
• Similarity function: quantify the difference between streams
  • Earth Mover's Distance (EMD)
Different videos generate distinct traffic
• Differences between signatures can be quantified
  • Earth Mover's Distance
(Figure: EMD > 0.50 between dissimilar streams; EMD = 0.05 between similar streams)
Different videos generate distinct traffic
• Censors can identify streams with unusual traffic
(Figure: streams with EMD > Δ are flagged; a stream with EMD < Δ is classified as a regular call; Δ = 0.06)
Can we encode data and maintain unobservability?
• Strawman: embed a small payload in each frame
• The generated traffic does not reflect this embedding
(Figure: all three streams have EMD < Δ and are classified as regular calls)
A better approach for data modulation
(Figure: (a) carrier frame + (b) payload frame = (c) covert frame)

Parameter   Description
ap          payload frame area (pixel × pixel)
ac          cell size (pixel × pixel)
bc          color encoding (bits)
rp          payload frame rate (frames/s)

• Strive for unobservability
• Accommodate lossy compression
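To make the cell-based modulation concrete, here is an added example (not DeltaShaper's code) that encodes bytes into a payload frame of area ap using ac × ac pixel cells carrying bc bits each, pastes it onto a carrier frame, applies a stand-in for compression noise and decodes it back. The slide does not say how the bc bits map to a colour: the example assumes they are split evenly across R, G and B and mapped to widely spaced intensity levels, and the noise model, the gradient carrier and the paste offset are likewise the example's own choices.

```python
"""Cell-based payload modulation over a carrier frame (added example, not DeltaShaper's code).

Assumptions: bc is a multiple of 3, split evenly across R, G and B; each channel holds one of
a few widely spaced levels so that averaging a cell and snapping to the nearest level survives
lossy compression; a frame is a list of rows of (r, g, b) tuples.
"""
from typing import List, Sequence, Tuple

Pixel = Tuple[int, int, int]
Frame = List[List[Pixel]]

def capacity_bits_per_frame(ap: Tuple[int, int], ac: int, bc: int) -> int:
    """Cells that fit in the payload area ap, times bc bits per cell."""
    width, height = ap
    return (width // ac) * (height // ac) * bc

def raw_throughput_bps(ap: Tuple[int, int], ac: int, bc: int, rp: int) -> int:
    """Bits per payload frame times payload frames per second."""
    return capacity_bits_per_frame(ap, ac, bc) * rp

def _levels(bits: int) -> List[int]:
    """Evenly spaced intensity levels for a channel carrying `bits` bits (2 bits -> 0, 85, 170, 255)."""
    n = 1 << bits
    return [round(i * 255 / (n - 1)) for i in range(n)]

def symbol_to_color(symbol: int, bc: int) -> Pixel:
    per = bc // 3
    mask, lv = (1 << per) - 1, _levels(per)
    return (lv[(symbol >> (2 * per)) & mask], lv[(symbol >> per) & mask], lv[symbol & mask])

def color_to_symbol(color: Sequence[float], bc: int) -> int:
    per = bc // 3
    lv = _levels(per)
    idx = [min(range(len(lv)), key=lambda i: abs(lv[i] - c)) for c in color]  # nearest level per channel
    return (idx[0] << (2 * per)) | (idx[1] << per) | idx[2]

def bytes_to_symbols(data: bytes, bc: int) -> List[int]:
    bits = "".join(f"{b:08b}" for b in data)
    bits += "0" * ((-len(bits)) % bc)  # zero-pad to whole bc-bit symbols
    return [int(bits[i:i + bc], 2) for i in range(0, len(bits), bc)]

def symbols_to_bytes(symbols: Sequence[int], bc: int, nbytes: int) -> bytes:
    bits = "".join(f"{s:0{bc}b}" for s in symbols)
    return bytes(int(bits[i:i + 8], 2) for i in range(0, nbytes * 8, 8))

def encode_payload_frame(data: bytes, ap: Tuple[int, int], ac: int, bc: int) -> Frame:
    """Payload frame: one ac x ac block of a single colour per bc-bit symbol, row-major."""
    cols, rows = ap[0] // ac, ap[1] // ac
    symbols = bytes_to_symbols(data, bc)
    if len(symbols) > cols * rows:
        raise ValueError("payload exceeds frame capacity")
    symbols += [0] * (cols * rows - len(symbols))
    colors = [symbol_to_color(s, bc) for s in symbols]
    return [[colors[(y // ac) * cols + x // ac] for x in range(cols * ac)] for y in range(rows * ac)]

def blend(carrier: Frame, payload: Frame, x0: int, y0: int) -> Frame:
    """Covert frame = carrier frame with the payload frame pasted at (x0, y0)."""
    covert = [row[:] for row in carrier]
    for dy, prow in enumerate(payload):
        covert[y0 + dy][x0:x0 + len(prow)] = prow
    return covert

def compression_noise(frame: Frame, amplitude: int) -> Frame:
    """Deterministic stand-in for lossy compression: shift every channel by up to +/-amplitude."""
    noisy = []
    for y, row in enumerate(frame):
        shifted = []
        for x, pixel in enumerate(row):
            d = (x * 7 + y * 13) % (2 * amplitude + 1) - amplitude
            shifted.append(tuple(max(0, min(255, c + d)) for c in pixel))
        noisy.append(shifted)
    return noisy

def decode_payload(frame: Frame, x0: int, y0: int, ap: Tuple[int, int], ac: int, bc: int,
                   nbytes: int) -> bytes:
    """Average each cell of the payload area, snap to the nearest level, reassemble nbytes bytes."""
    cols, rows = ap[0] // ac, ap[1] // ac
    symbols = []
    for cy in range(rows):
        for cx in range(cols):
            sums = [0, 0, 0]
            for dy in range(ac):
                for dx in range(ac):
                    for i, c in enumerate(frame[y0 + cy * ac + dy][x0 + cx * ac + dx]):
                        sums[i] += c
            symbols.append(color_to_symbol([s / (ac * ac) for s in sums], bc))
    return symbols_to_bytes(symbols, bc, nbytes)

def roundtrip(message: bytes, ap=(320, 240), ac=8, bc=6, carrier_size=(640, 480), noise=30) -> bytes:
    """Encode, paste into a constructed gradient carrier, add noise, decode (receiver knows the length)."""
    cw, ch = carrier_size
    carrier = [[(x % 256, y % 256, 128) for x in range(cw)] for y in range(ch)]  # constructed carrier
    x0, y0 = (cw - ap[0]) // 2, (ch - ap[1]) // 2
    covert = blend(carrier, encode_payload_frame(message, ap, ac, bc), x0, y0)
    return decode_payload(compression_noise(covert, noise), x0, y0, ap, ac, bc, len(message))

if __name__ == "__main__":
    print("bits per frame:", capacity_bits_per_frame((320, 240), 8, 6))        # 7200
    print("raw throughput (bit/s):", raw_throughput_bps((320, 240), 8, 6, 1))  # 7200
    msg = b"GET / HTTP/1.1\r\nHost: example.org\r\n\r\n"
    print("decoded ok:", roundtrip(msg) == msg)
```

With the slides' configuration (ap = 320 × 240, ac = 8 × 8, bc = 6, rp = 1) the capacity function gives 40 × 30 cells × 6 bits = 7200 bit/s, which is the raw throughput reported later in the deck. The wide spacing of the levels (85 apart for 2 bits per channel) is what lets a whole-cell average tolerate per-pixel noise of ±30 without a decoding error; shrinking ac or raising bc increases throughput but narrows that margin, which is the throughput/robustness trade-off the encoding parameters expose.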
Adapt to network conditions
• Calibrate encoding parameters
  • Maintain unobservability
  • Modulate the maximum amount of data
DeltaShaper adaptation mechanism
• Periodically:
  • Estimate network conditions from recorded baselines
  • Select adequate parameters from a pre-computed table
(Figure: the current carrier signature is compared against the baseline signatures of Cond. 1, Cond. 2, …, Cond. n to find which set is closest; each condition i maps to its encoding parameters ap_i, ac_i, bc_i, rp_i)
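The censor-side check on the characterization slides (signature = packet-length frequency distribution, EMD as the similarity function, flag when EMD exceeds Δ) and the closest-baseline lookup of the adaptation mechanism above both come down to the same two functions, so one worked example covers both. This is an added illustration, not DeltaShaper's implementation: the 100-byte bins, the constructed packet-length samples, the hypothetical baseline table and the scale on which Δ = 0.06 is applied are assumptions of the example.

```python
"""Packet-length signatures, Earth Mover's Distance and parameter selection.

Added example, not DeltaShaper's own code. Bin width, sample streams and the
baseline table are constructed for illustration.
"""
from typing import Dict, List, Sequence, Tuple

BIN_WIDTH = 100   # assumption: 100-byte packet-length buckets
NUM_BINS = 15     # buckets for 0..1499 bytes; larger packets fall into the last bucket
DELTA = 0.06      # censor's threshold from the slides; the scale used here is an assumption


def signature(packet_lengths: Sequence[int]) -> List[float]:
    """Characteristic function: normalised frequency distribution of packet lengths."""
    counts = [0] * NUM_BINS
    for length in packet_lengths:
        counts[min(length // BIN_WIDTH, NUM_BINS - 1)] += 1
    return [c / len(packet_lengths) for c in counts]


def emd(p: Sequence[float], q: Sequence[float]) -> float:
    """Similarity function: 1-D Earth Mover's Distance between two histograms.

    With unit ground distance between neighbouring bins and equal total mass the
    minimum transport cost equals the sum over bins of |CDF_p - CDF_q|, so the
    result is expressed in units of one bin width.
    """
    if len(p) != len(q):
        raise ValueError("signatures must use the same bins")
    cumulative = 0.0
    work = 0.0
    for pi, qi in zip(p, q):
        cumulative += pi - qi      # mass that still has to move to the right
        work += abs(cumulative)    # it travels one more bin in this step
    return work


def censor_verdict(reference: Sequence[float], observed: Sequence[float],
                   delta: float = DELTA) -> str:
    """Censor's decision: flag a stream whose EMD to a regular call exceeds delta."""
    return "flagged" if emd(reference, observed) > delta else "regular"


# Constructed packet-length samples (not measurements): two regular calls and a
# naively modulated stream dominated by large, poorly compressible packets.
REGULAR_A = [120] * 40 + [180] * 30 + [260] * 20 + [1100] * 10
REGULAR_B = [110] * 35 + [190] * 30 + [250] * 25 + [1150] * 10
NAIVE_MODULATED = [1300] * 70 + [1400] * 20 + [200] * 10

# Hypothetical pre-computed table: each network condition has a recorded carrier
# signature and the encoding parameters calibrated for it. The "ideal" row uses
# the configuration from the slides; the "constrained" row is invented.
BASELINE_TABLE: List[Dict[str, object]] = [
    {"name": "ideal",
     "signature": signature(REGULAR_A),
     "params": {"ap": (320, 240), "ac": 8, "bc": 6, "rp": 1}},
    {"name": "constrained",
     "signature": signature([90] * 40 + [160] * 50 + [230] * 10),
     "params": {"ap": (160, 120), "ac": 16, "bc": 3, "rp": 1}},
]


def select_parameters(carrier_sig: Sequence[float],
                      table: List[Dict[str, object]]) -> Tuple[str, Dict[str, object]]:
    """Adaptation step: pick the condition whose baseline signature is closest by EMD."""
    best = min(table, key=lambda cond: emd(carrier_sig, cond["signature"]))
    return best["name"], best["params"]


if __name__ == "__main__":
    ref = signature(REGULAR_A)
    for name, sample in (("regular call", REGULAR_B), ("naive modulation", NAIVE_MODULATED)):
        sig = signature(sample)
        print(f"{name:17s} EMD={emd(ref, sig):.2f} -> {censor_verdict(ref, sig)}")
    degraded_carrier = [80] * 45 + [150] * 45 + [220] * 10  # constructed: smaller packets
    print("calibrated for:", select_parameters(signature(degraded_carrier), BASELINE_TABLE)[0])
```

The same `emd` serves both sides of the problem: the censor measures the distance of an observed stream from a regular call and blocks above Δ, while the DeltaShaper client measures the distance of the current carrier signature from each recorded baseline and picks the parameters calibrated for the nearest one. Note that the comparison is only meaningful between histograms built with identical bins, which is why `emd` rejects mismatched lengths.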
Implementation challenges
• Network interaction
  • Allow transparent TCP/IP communication
• Video processing
  • Combine carrier / payload frames
• Video-conferencing software as a black box
  • Send covert frames without modifying Skype
DeltaShaper client module
(Figure: client endpoint. Components shown: client application inside a network namespace; veth pair VETH0 10.10.10.11 / VETH1 10.10.10.10; Linux kernel with a kernel module; IP packet queue; payload encoder; payload frame queue; payload streamer; carrier streamer producing carrier frames; stream blender (Snowmix); encoder adapter; FFMPEG; virtual camera /dev/video0; covert stream)
DeltaShaper server module
(Figure: server endpoint. Components shown: covert stream; receiver process with a photo thread (XWD), a decoder thread and worker threads; display framebuffer; payload fragment pool; Linux kernel; localhost interface; server application)
Evaluation steps
1. Can we distinguish Skype streams?
2. Can we balance throughput and unobservability?
3. How well does DeltaShaper perform?
Can we distinguish Skype streams?
• 83% accuracy in distinguishing Skype streams
• DeltaShaper streams must remain under Δ
(Figure: censor: "These streams seem to be strange... I'll block them.")
Can we balance throughput and unobservability?

Parameter   Description                          Configuration
ap          payload frame area (pixel × pixel)   320 × 240
ac          cell size (pixel × pixel)            8 × 8
bc          color encoding (bits)                6
rp          payload frame rate (frames/s)        1
How well does DeltaShaper perform?
• Achieved configuration:

Parameter   Description                          Configuration
ap          payload frame area (pixel × pixel)   320 × 240
ac          cell size (pixel × pixel)            8 × 8
bc          color encoding (bits)                6
rp          payload frame rate (frames/s)        1

• Performance
  • Raw throughput: 7.2 Kbps (40 × 30 cells × 6 bits × 1 frame/s = 7,200 bit/s)
  • Round-trip time: 2 s 973 ms
How well does DeltaShaper perform?

Use case          Protocol session w/ DS (mm:ss)   Protocol session w/o DS (mm:ss)   Overhead
Wget (4 kB file)  0:22                             < 0:01                            3,142.9×
FTP (4 kB file)   1:43                             0:09                              11.4×
SSH + SMTP        2:41                             0:38                              4.2×
SSH               1:29                             0:06                              14.8×
Telnet            1:13                             0:06                              12.2×
Netcat chat       0:01                             < 0:01                            166.7×
SSH tunnel        2:19                             0:22                              6.3×

(The slide groups the use cases into non-interactive sessions and interactive sessions.)

• DeltaShaper allows the execution of traditional TCP/IP applications that cover different users' needs
Conclusions
• DeltaShaper: a censorship-resistant system
  • Supports high-latency / low-throughput TCP applications
• Maximize throughput and preserve unobservability
  • Greedy exploration of encoding configurations
• Adaptation in multimedia protocol tunneling
  • Provides improved unobservability
  • Could also enhance similar systems

http://web.ist.utl.pt/diogo.barradas